Mercurial > code > home > repos > pomerium

diff 04-gen-secrets-job.yaml @ 8:723ad82340d1

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
code versions
author drewp@bigasterisk.com
date Mon, 12 Dec 2022 23:19:28 -0800
parents kube/04-gen-secrets-job.yaml@6bf643829330
children
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/04-gen-secrets-job.yaml	Mon Dec 12 23:19:28 2022 -0800
@@ -0,0 +1,36 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  labels:
+    app.kubernetes.io/name: pomerium
+  name: pomerium-gen-secrets
+  namespace: pomerium
+spec:
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: pomerium
+      name: pomerium-gen-secrets
+    spec:
+      containers:
+      - args:
+        - gen-secrets
+        - --secrets=$(POD_NAMESPACE)/bootstrap
+        env:
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        image: pomerium/ingress-controller:sha-efe2d11
+        imagePullPolicy: IfNotPresent
+        name: gen-secrets
+        securityContext:
+          allowPrivilegeEscalation: false
+      nodeSelector:
+        kubernetes.io/os: linux
+      restartPolicy: OnFailure
+      securityContext:
+        fsGroup: 1000
+        runAsNonRoot: true
+        runAsUser: 1000
+      serviceAccountName: pomerium-gen-secrets